Cryptography – Key management – Having particular key generator
Patent
1995-08-18
1998-11-03
Lee, Thomas C.
Cryptography
Key management
Having particular key generator
395186, 39518701, 380 23, 380 25, G06F 1314, G06F 1320, H04L 900
Patent
active
058322272
DESCRIPTION:
BRIEF SUMMARY
This application is a 371 of PCT/AU93/00644 filed on Dec. 14, 1993.
This invention relates to the security of computer documents and in particular to electronic mail, and to a method to control the degree to which the presence of covert information may be reduced or eliminated in electronic mail and other electronic documents before they are released from a secure computer environment. Furthermore this specification is directed to the disclosure of the processes conducted with secure computer environments incorporating trusted devices which are used to seal such documents.
BACKGROUND
There exists a need for persons who work on secure computer networks, which are normally physically and electronically isolated from other networks, to be able to transmit low level security classified or unclassified electronic documents outside their secure network. These needs cover both electronic mail (e-mail) facilities and transmission of other documents, such as word processor documents. Because of the secure, and generally classified, nature of the source networks, even the relatively simple case of e-mail requires unique handling routines to be applied, in a trusted manner, before the information can be allowed to leave the secure network.
In particular, information leaving a secure network must be checked to ensure that no unintended or covert information has been included within it. Most secure networks are comprised of untrusted computer devices, which cannot be relied upon to not include such covert information within a message to be released. Rather than replacing these untrusted computer devices with trusted devices, very few of which exist and those which do being expensive and having limited functionality, it is preferable to perform the required trusted checks with the aid of separate trusted devices which can be added into the existing network.
The current invention describes a pair of trusted devices, which can be fitted to an existing network comprising untrusted computer devices, to provide the means for a secure interconnection method between computer networks.
In an aspect of the invention, a method of handling a message or document having a body and header portions for transmission external of a secure computer environment, comprising the steps of: trusted manner to a human user for visual checking, and if acceptable to said human user, associating said displayed message or document with a seal produced by said trusted sealing device, gateway which deletes all but predetermined portions of said header, said gateway further comprising a trusted verification means for checking the validity of said associated seal, and if and only if said associated seal is validly associated with said message or document, attaching predetermined header portions to said message or document and communicating said message or document from said secure computer environment.
These and other aspects of the invention will be apparent from the following description of preferred embodiments which, it will be understood, are illustrative only, and need not limit the invention to any one or combination of the following elements or features.
BRIEF DESCRIPTION OF THE FIGURES
In order that the invention may be more clearly understood, reference will now be made to the accompanying drawings, wherein:
FIG. 1 depicts a schematic of the path of a mail message from its source to its destination;
FIG. 2 depicts the array of software modules which handle the mail message in the source network and beyond;
FIG. 3 depicts the array of software modules which handle the mail message in the source computer as it is sealed and sent into the source network; and
FIG. 4 depicts the array of software modules which handle the sealed mail message in the gateway of the source network.
DETAILED DESCRIPTION
Electronic mail (e-mail) is a standard feature of untrusted computer devices used in many computer networks. It is reasonable to expect that such mail will be freely exchanged between users within a computer network. In the case of a secure netw
REFERENCES:
patent: 4919545 (1990-04-01), Yu
patent: 5001755 (1991-03-01), Skret
patent: 5204961 (1993-04-01), Barlow
patent: 5226079 (1993-07-01), Holloway
patent: 5369707 (1994-11-01), Follendore, III
patent: 5550984 (1996-08-01), Gelb
patent: 5577209 (1996-11-01), Boyle et al.
Anderson Mark Stephen
Beahan Brendan
Hayman Ken
Nayda Lisa
Pope Michael
Lee Thomas C.
Perveen Rehana
The Commonwealth of Australia of Anzak Park
LandOfFree
Method for providing message document security by deleting prede does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method for providing message document security by deleting prede, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method for providing message document security by deleting prede will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-700891